Filter plugins

发表于 2016-10-24 更新于 2025-01-15 分类于 elasticsearch 本文字数： 98 阅读时长 ≈ 1 分钟

Filter plugins

grok

grok {
match => {"command" => "redis-cli -c -h %{IP:node:} -p %{NUMBER:port}%{DATA:data}" }
remove_field => [ "host" ]
}

ruby

功能描述：将redis info 信息格式化按字段输出

ruby {
       code => "fields = event['message'].split(/\r\n|\n/)
       length = fields.length-1
       for i in 1..length do 
         if fields[i].include?':' then
           field = fields[i].split(':')
           event[field[0]] = field[1].to_f
         end
       end
       "
       remove_field => [ "message" ]
   }

mutate

功能描述：字段类型指定

filter {
        mutate {
            convert => {"latestResponse" => "integer"}
            convert => {"cacheHit" => "string"}
            convert => {"cacheRate" => "float"}
        }
        
}

Filter plugins

Output plugins